PT-2026-5696 · Brocade · Brocade Fabric OS +1
Published 2026-02-02 · Updated 2026-02-09 · CVE-2025-12772
CVSS v4.0: 8.5 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
Brocade SANnav versions prior to 2.4.0b
Description
Brocade SANnav before version 2.4.0b improperly handles logging of the Brocade Fabric OS Switch admin password. The password is logged in clear text within the SANnav support save logs. Additionally, when an out-of-memory (OOM) event occurs on a Brocade SANnav server, the call stack trace for the Brocade switch, which also contains the switch admin password in clear text, is included in the heap dump file. A remote authenticated attacker with administrative privileges could potentially access these logs or the supportsave file to obtain the switch admin password.
Recommendations
Update Brocade SANnav to version 2.4.0b or later.
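A check to run alongside the upgrade, given here as an added example that is not part of the advisory or any Brocade tooling: it searches an extracted supportsave or heap dump directory for a password the operator already knows and reports where it appears, without ever printing it. The function names are this example's own, the directory is whatever path the operator supplies, and the UTF-16 patterns assume the heap dump keeps strings as 16-bit characters.

```python
import getpass, os, sys

def secret_patterns(secret):
    """Byte forms of the password: UTF-8 for text logs, UTF-16 for in-memory
    strings in a heap dump (assumption: the dump keeps 16-bit characters)."""
    if not secret:
        raise ValueError("secret must be non-empty")
    return {enc: secret.encode(enc) for enc in ("utf-8", "utf-16-be", "utf-16-le")}

def scan_file(path, patterns, chunk=1 << 20):
    """Return sorted (encoding, byte_offset) hits; streams so large dumps fit."""
    overlap = max(len(p) for p in patterns.values()) - 1
    hits, tail, base = set(), b"", 0      # base = file offset of buf[0]
    with open(path, "rb") as fh:
        while True:
            data = fh.read(chunk)
            if not data:
                break
            buf = tail + data             # carry the tail so boundary matches are seen
            for enc, pat in patterns.items():
                pos = buf.find(pat)
                while pos != -1:
                    hits.add((enc, base + pos))
                    pos = buf.find(pat, pos + 1)
            tail = buf[-overlap:] if overlap else b""
            base += len(buf) - len(tail)
    return sorted(hits)

def scan_tree(root, secret, chunk=1 << 20):
    """Map each file under root that contains the secret to its hits."""
    patterns = secret_patterns(secret)
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path, patterns, chunk)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

if __name__ == "__main__":
    # The password is read with getpass so it stays out of shell history and argv.
    found = scan_tree(sys.argv[1], getpass.getpass("Switch admin password: "))
    for path, hits in sorted(found.items()):
        for enc, off in hits:
            print(f"{path}: cleartext match ({enc}) at byte offset {off}")
    sys.exit(1 if found else 0)
```

Any file it reports holds the switch admin password in clear text and should be handled as a credential store.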
Fix
Cleartext Storage of Sensitive Information
Affected Products
Brocade Fabric OS
Brocade SANnav